Excelas Data Breach Exposes Personal and Health Information

Excelas, a national provider of medical record organization and analysis, disclosed a data breach involving unauthorized access to its computer systems.

An unauthorized actor gained access to certain Excelas computer systems between Nov. 27, 2025, and Dec. 3, 2025. During that window, the actor may have accessed or acquired a limited number of files from the network.

Following the detection of the suspicious activity, Excelas launched an investigation to determine the nature and scope of the incident. The company undertook what it described as a thorough and time-intensive review of the potentially impacted files to determine what information they contained and to identify the individuals whose data may have been affected.

The ransomware group known as Cl0p posted a claim on the dark web network Tor on Jan. 23, 2026, stating it had obtained data from the organization. The types of information that may have been exposed include both personally identifiable information and protected health information.

The personally identifiable information includes names, dates of birth, Social Security numbers and government-issued identification.

The protected health information includes diagnosis information, medical history information, mental and physical treatment records, prescription information, treating or referring physician details, medical record images, health insurance policy numbers, medical record numbers, subscriber numbers, health insurance group or plan numbers, health insurance information and payment information.

The ransomware group known as Cl0p posted a claim on the dark web network Tor on Jan. 23, 2026, stating it had obtained data from the organization.
The breach was disclosed on May 12, 2026, to attorneys general in Massachusetts and New Hampshire. Additionally, the company posted a notice on its website.

Excelas began notifying affected individuals on or about May 12, 2026.

Excelas' response to the breach

Excelas is offering complimentary identity monitoring services through Kroll. According to the Massachusetts consumer notification letter, these services are being provided for 24 months at no cost. The monitoring package includes single bureau credit monitoring, unlimited fraud consultation with a Kroll specialist and identity theft restoration services.

Affected individuals can enroll in these services at the Kroll enrollment website using the membership number included in their personal notification letter.

The company has set up a dedicated toll-free assistance line at 844-576-3143 for individuals with questions about the incident. The line is available between 9 a.m. and 6:30 p.m. Eastern Time, Monday through Friday, excluding major U.S. holidays.

Individuals may also write to Excelas at 5247 Wilson Mills Road, #640, Richmond Heights, OH 44143.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze on credit files by contacting Equifax (1-888-298-0045), Experian (1-888-397-3742) or TransUnion (1-833-799-5355), as Social Security numbers were among the data potentially exposed in this breach.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts or suspicious activity.
• Monitor health insurance statements for any medical services, prescriptions or claims that were not authorized, since detailed medical records and health insurance information were potentially involved.
• Report suspicious activity to financial institutions, health insurers and law enforcement if any signs of identity theft or fraud appear.
• Be cautious of phishing attempts that reference Excelas or this data breach by name, as scammers may try to use the incident to trick individuals into sharing additional personal information.
• File a complaint with the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338 if identity theft is suspected.